Re: Mobile Device Management

[Kurt Buff]

I'm guessing (I haven't tried) that this is not a problem if you have
Win7 Enterprise and BitLocker - it'll boot up without a password just
fine, and still be protected.

Might have to try it out on one of my lab machines, to see if it works.

Kurt

On Wed, Jan 30, 2013 at 1:48 PM, Angus Scott-Fleming
 wrote:
> On 30 Jan 2013 at 20:24, Cameron Cooper  wrote:
>
>> In light of one of our company laptops being stolen (from the user's car),
>> we've been tasked to look for a mobile solution that would allow us to
>> track,
>> recover and remote wipe a laptop, tablet and smartphone and would like
>> some
>> recommendations on what some are currently using. So far we've looked at
>> LoJack for Laptops and Prey (PreyProjects). Thanks, Cameron
>
> Whole-disk-encryption on laptops is an absolute must IMHO.  That way you're
> only out hardware no matter what.
>
> The biggest problem with most tracking-and-wiping solutions like Prey is
> that the laptop has to be booted and the OS loaded for them to work. Since I
> use Truecrypt whole-disk-encryption and the password is required to boot or
> to awake after hibernation I don't use Prey.
>
> LoJack has a version which installs in the BIOS (installed at the factory on
> many bigger brands now, but you have to activate it $$$).  This version
> phones home if there is an active network connection no matter how the
> computer is booted.  But security flaws in the BIOS implementation of LoJack
> for Laptops were documented at a 2009 BlackHat session.  Don't know if
> they're still there.
>
> This might be of interest:
>
> Intel® Anti-Theft Technology — What is Intel® Anti-Theft Technology?
> http://www.intel.com/support/services/antitheft/sb/CS-030335.htm
>
> More info:
>
> LoJack - Wikipedia, the free encyclopedia
> https://en.wikipedia.org/wiki/LoJack#for_Laptops
>
> At the Black Hat Briefings conference in 2009, researchers Anibal Sacco[15]
> and Alfredo Ortega showed that the implementation of the Computrace/LoJack
> agent embedded in the BIOS has vulnerabilities and that this "available
> control of the anti-theft agent allows a highly dangerous form of
> BIOS-enhanced rootkit that can bypass all chipset or installation
> restrictions and reutilize many existing features offered in this kind of
> software."[16][17] Absolute Software rejected the claims made in the
> research, stating that "the presence of the Computrace module in no way
> weakens the security of the BIOS". Another independent analyst confirmed the
> flaws, noted that a malware hijacking attack would be a "highly exotic one",
> and suggested that the larger concern was that savvy thieves could disable
> the phone home feature.[18]
>
> Core Security Technologies
> http://www.coresecurity.com/content/Deactivate-the-Rootkit
> Deactivate the Rootkit - Black Hat USA 2009
> Link to paper:
> http://www.coresecurity.com/files/attachments/Paper-Deactivate-the-Rootkit-AOrtega-ASacco.pdf
>
> Share your findings back here please.
>
> HTH
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Progress in password cracking

[Angus Scott-Fleming]

On 26 Jan 2013 at 14:50, Kurt Buff  wrote:

> Grammar badness makes cracking harder the long password
> Password crackers get an English lesson.
> 
> by Dan Goodin
> Jan 24 2013
> Ars Technica
> 
> When it comes to long phrases used to defeat recent advances in
> password cracking, bigger isn't necessarily better, particularly when
> the phrases adhere to grammatical rules.

Whiich is whyy II oftten missllep wurds inn mmy pawsords.
--
Angus Scott-Fleming
GeoApps, Tucson, Arizona
1-520-290-5038
Security Blog: http://geoapps.com/





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Mobile Device Management

[Kat Aylward Langan]

Damn - almost went to work for them many years ago - I could have been rich
from the buyout!  They were less than 2 miles from my house at the time,
which was very attractive at the time!


On Wed, Jan 30, 2013 at 12:57 PM, Guyer, Don  wrote:

> Interesting, Web, interesting…
>
> ** **
>
> J
>
> ** **
>
> Regards,
>
> * *
>
> *Don Guyer**
> **Catholic Health East - Information Technology*
>
> Enterprise Directory & Messaging Services
> 3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
>
> email: *dgu...@che.org*
>
> Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
>
> *For immediate assistance, please open a Service Desk ticket or call the
> helpdesk @ 610-492-3839.*
>
> [image: Description: Description: Description: InfoService-Logo240]
>
> ** **
>
> *From:* Webster [mailto:webs...@carlwebster.com]
> *Sent:* Wednesday, January 30, 2013 3:55 PM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Mobile Device Management
>
> ** **
>
> Now part of Citrix. J
>
> ** **
>
> Thanks
>
> ** **
>
> ** **
>
> Webster
>
> ** **
>
> *From:* Guyer, Don [mailto:dgu...@che.org]
> *Subject:* RE: Mobile Device Management
>
> ** **
>
> We use Zenprise. Adds device policy management to your list of
> requirements.
>
> ** **
>
> Regards,
>
> * *
>
> ** **
>
> *From:* Cameron Cooper [mailto:ccoo...@aurico.com ]
> *Subject:* Mobile Device Management
>
> ** **
>
> All,
>
>  
>
> In light of one of our company laptops being stolen (from the user’s car),
> we’ve been tasked to look for a mobile solution that would allow us to
> track, recover and remote wipe a laptop, tablet and smartphone and would
> like some recommendations on what some are currently using.
>
>  
>
> So far we’ve looked at LoJack for Laptops and Prey (PreyProjects).
>
>  
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> Confidentiality Notice:
>
> This e-mail, including any attachments is the
> property of Catholic Health East and is intended
> for the sole use of the intended recipient(s).
> It may contain information that is privileged and
> confidential.  Any unauthorized review, use,
> disclosure, or distribution is prohibited. If you are
> not the intended recipient, please delete this message, and
> reply to the sender regarding the error in a separate email.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>



-- 
Kat Aylward Langan

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Mobile Device Management

[Guyer, Don]

Interesting, Web, interesting...

:)

Regards,

Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.
[cid:image001.jpg@01CDFF02.76D15460]

From: Webster [mailto:webs...@carlwebster.com]
Sent: Wednesday, January 30, 2013 3:55 PM
To: NT System Admin Issues
Subject: RE: Mobile Device Management

Now part of Citrix. :)

Thanks


Webster

From: Guyer, Don [mailto:dgu...@che.org]
Subject: RE: Mobile Device Management

We use Zenprise. Adds device policy management to your list of requirements.

Regards,


From: Cameron Cooper [mailto:ccoo...@aurico.com]
Subject: Mobile Device Management

All,

In light of one of our company laptops being stolen (from the user's car), 
we've been tasked to look for a mobile solution that would allow us to track, 
recover and remote wipe a laptop, tablet and smartphone and would like some 
recommendations on what some are currently using.

So far we've looked at LoJack for Laptops and Prey (PreyProjects).


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Confidentiality Notice:
This e-mail, including any attachments is the 
property of Catholic Health East and is intended 
for the sole use of the intended recipient(s).  
It may contain information that is privileged and 
confidential.  Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are 
not the intended recipient, please delete this message, and 
reply to the sender regarding the error in a separate email. 
 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Mobile Device Management

[Guyer, Don]

We use Zenprise. Adds device policy management to your list of requirements.

Regards,

Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.
[cid:image001.jpg@01CDFEFF.7E4F1540]

From: Cameron Cooper [mailto:ccoo...@aurico.com]
Sent: Wednesday, January 30, 2013 3:25 PM
To: NT System Admin Issues
Subject: Mobile Device Management

All,

In light of one of our company laptops being stolen (from the user's car), 
we've been tasked to look for a mobile solution that would allow us to track, 
recover and remote wipe a laptop, tablet and smartphone and would like some 
recommendations on what some are currently using.

So far we've looked at LoJack for Laptops and Prey (PreyProjects).

Thanks,

Cameron


CONFIDENTIALITY NOTICE: This email message is intended only for the person or 
entity to which it is addressed and may contain confidential material. Any 
unauthorized review, use, disclosure, downloading, copying or distribution is 
prohibited. If you are not the intended recipient, please contact the sender by 
reply email and permanently delete all copies of the original message. If you 
are the intended recipient but do not wish to receive communications through 
this medium, please advise the sender immediately.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Confidentiality Notice:
This e-mail, including any attachments is the 
property of Catholic Health East and is intended 
for the sole use of the intended recipient(s).  
It may contain information that is privileged and 
confidential.  Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are 
not the intended recipient, please delete this message, and 
reply to the sender regarding the error in a separate email.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Mobile Device Management

[kz20fl]

MobileNow from AppSense can handle the phone and tablet piece, the demos I saw 
looked very good and it has just been released. I can get some more info on it 
for you in a little while - not sure whether it is specifically MAM or MDM 
though.

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

-Original Message-
From: Cameron Cooper 
Date: Wed, 30 Jan 2013 20:24:43 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Mobile Device Management

All,

In light of one of our company laptops being stolen (from the user's car), 
we've been tasked to look for a mobile solution that would allow us to track, 
recover and remote wipe a laptop, tablet and smartphone and would like some 
recommendations on what some are currently using.

So far we've looked at LoJack for Laptops and Prey (PreyProjects).

Thanks,

Cameron


CONFIDENTIALITY NOTICE: This email message is intended only for the person or 
entity to which it is addressed and may contain confidential material. Any 
unauthorized review, use, disclosure, downloading, copying or distribution is 
prohibited. If you are not the intended recipient, please contact the sender by 
reply email and permanently delete all copies of the original message. If you 
are the intended recipient but do not wish to receive communications through 
this medium, please advise the sender immediately.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Favorite VPN solution?

[Kurt Buff]

I'm sure MSFT wanted a differentiator (along with AppLocker and
BitLocker, etc.) - something to make the EA and other high-end
customers feel like they're getting a good deal, if nothing else.

Not saying I *like* that, you understand...

In fact, IIRC, BitLocker is now part of Win8 Pro - but I won't get
into the silliness of the partitioning of capabilities by edition,
which just gets me angry...

Kurt

On Wed, Jan 30, 2013 at 11:02 AM, Glen Johnson  wrote:
> Kurt.
> Spot on analysis.
> If I were starting from scratch 2012 is the bees knees as they say.
> And I've never understood the client requirements, enterprise and ultimate 
> editions.
> IMO should have been pro and above.
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, January 30, 2013 1:34 PM
> To: NT System Admin Issues
> Subject: Re: Favorite VPN solution?
>
> The DirectAccess solution from Microsoft definitely doesn't require Java.
>
> However, at least for Win7, it does require Enterprise or Ultimate - I 
> believe Win8 must be Enterprise as well.
>
> For the server, it requires either Server 2008 R2 with UAG, or Server 2012.
>
> The 2008 R2 with UAG requires a working PKI for its clients, but the
> 2012 version only requires a working PKI for Win7 clients.
>
> Someday MSFT might not require the Enterprise version of the clients - that 
> would be really outstanding, but I'm not holding my breath...
>
> One big limitation of the DirectAccess technology is that it is a pure
> IPv6 solution. If you have client software that makes explicit calls to the 
> IPv4 stack, and doesn't understand IPv6, you're screwed (Lync
> 2010 and Shoretel client, I'm looking at you).
>
> IME, the 2008 R2/UAG version is tedious and a bit tricky to set up - haven't 
> yet played with the 2012 version.
>
> But, other than that, it's a way cool technology - no extra logins required, 
> once the GPOs take effect, you just open your laptop, turn it on, log in as 
> if you were in the office, and you're off to the races, subject to the 
> limitations of your connection speed.
>
> I'm glad I turned it up.
>
> Kurt
>
> On Wed, Jan 30, 2013 at 10:04 AM, Glen Johnson  wrote:
>> I'm 99 percent sure the MS vpn solution in server 2012 doesn't require java.
>>
>> -Original Message-
>> From: Sam Cayze [mailto:sca...@gmail.com]
>> Sent: Wednesday, January 30, 2013 12:54 PM
>> To: NT System Admin Issues
>> Subject: RE: Favorite VPN solution?
>>
>> Are there 'clientless' VPN solutions that don't use Java?
>> I don't know much about the new VPN solutions out there.
>>
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Favorite VPN solution?

[Kurt Buff]

On Wed, Jan 30, 2013 at 10:50 AM, Michael B. Smith
 wrote:
> Server 2012 setup is a dream. And it deals much better with IPv4-only 
> solutions.

I hope to upgrade to that toward the end of the calendar year. That
depends on budgeting/schedule, however.

> Also any VPN provided as part of RRAS (just RAS in Server 2012) has built-in 
> clients for Windows. This includes PPTP and L2TP VPNs.

Yep.

But, don't they require manual starts? I admit I haven't played with them.

Also, straight up IPSec might be an option as well - haven't played
with that, either, though.

Kurt


> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: Wednesday, January 30, 2013 1:34 PM
> To: NT System Admin Issues
> Subject: Re: Favorite VPN solution?
>
> The DirectAccess solution from Microsoft definitely doesn't require Java.
>
> However, at least for Win7, it does require Enterprise or Ultimate - I 
> believe Win8 must be Enterprise as well.
>
> For the server, it requires either Server 2008 R2 with UAG, or Server 2012.
>
> The 2008 R2 with UAG requires a working PKI for its clients, but the
> 2012 version only requires a working PKI for Win7 clients.
>
> Someday MSFT might not require the Enterprise version of the clients - that 
> would be really outstanding, but I'm not holding my breath...
>
> One big limitation of the DirectAccess technology is that it is a pure
> IPv6 solution. If you have client software that makes explicit calls to the 
> IPv4 stack, and doesn't understand IPv6, you're screwed (Lync
> 2010 and Shoretel client, I'm looking at you).
>
> IME, the 2008 R2/UAG version is tedious and a bit tricky to set up - haven't 
> yet played with the 2012 version.
>
> But, other than that, it's a way cool technology - no extra logins required, 
> once the GPOs take effect, you just open your laptop, turn it on, log in as 
> if you were in the office, and you're off to the races, subject to the 
> limitations of your connection speed.
>
> I'm glad I turned it up.
>
> Kurt
>
> On Wed, Jan 30, 2013 at 10:04 AM, Glen Johnson  wrote:
>> I'm 99 percent sure the MS vpn solution in server 2012 doesn't require java.
>>
>> -Original Message-
>> From: Sam Cayze [mailto:sca...@gmail.com]
>> Sent: Wednesday, January 30, 2013 12:54 PM
>> To: NT System Admin Issues
>> Subject: RE: Favorite VPN solution?
>>
>> Are there 'clientless' VPN solutions that don't use Java?
>> I don't know much about the new VPN solutions out there.
>>
>>
>>
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~
>>   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Favorite VPN solution?

[Glen Johnson]

Kurt.
Spot on analysis.
If I were starting from scratch 2012 is the bees knees as they say.
And I've never understood the client requirements, enterprise and ultimate 
editions.
IMO should have been pro and above.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, January 30, 2013 1:34 PM
To: NT System Admin Issues
Subject: Re: Favorite VPN solution?

The DirectAccess solution from Microsoft definitely doesn't require Java.

However, at least for Win7, it does require Enterprise or Ultimate - I believe 
Win8 must be Enterprise as well.

For the server, it requires either Server 2008 R2 with UAG, or Server 2012.

The 2008 R2 with UAG requires a working PKI for its clients, but the
2012 version only requires a working PKI for Win7 clients.

Someday MSFT might not require the Enterprise version of the clients - that 
would be really outstanding, but I'm not holding my breath...

One big limitation of the DirectAccess technology is that it is a pure
IPv6 solution. If you have client software that makes explicit calls to the 
IPv4 stack, and doesn't understand IPv6, you're screwed (Lync
2010 and Shoretel client, I'm looking at you).

IME, the 2008 R2/UAG version is tedious and a bit tricky to set up - haven't 
yet played with the 2012 version.

But, other than that, it's a way cool technology - no extra logins required, 
once the GPOs take effect, you just open your laptop, turn it on, log in as if 
you were in the office, and you're off to the races, subject to the limitations 
of your connection speed.

I'm glad I turned it up.

Kurt

On Wed, Jan 30, 2013 at 10:04 AM, Glen Johnson  wrote:
> I'm 99 percent sure the MS vpn solution in server 2012 doesn't require java.
>
> -Original Message-
> From: Sam Cayze [mailto:sca...@gmail.com]
> Sent: Wednesday, January 30, 2013 12:54 PM
> To: NT System Admin Issues
> Subject: RE: Favorite VPN solution?
>
> Are there 'clientless' VPN solutions that don't use Java?
> I don't know much about the new VPN solutions out there.
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Favorite VPN solution?

[Michael B. Smith]

Server 2012 setup is a dream. And it deals much better with IPv4-only solutions.

Also any VPN provided as part of RRAS (just RAS in Server 2012) has built-in 
clients for Windows. This includes PPTP and L2TP VPNs.

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, January 30, 2013 1:34 PM
To: NT System Admin Issues
Subject: Re: Favorite VPN solution?

The DirectAccess solution from Microsoft definitely doesn't require Java.

However, at least for Win7, it does require Enterprise or Ultimate - I believe 
Win8 must be Enterprise as well.

For the server, it requires either Server 2008 R2 with UAG, or Server 2012.

The 2008 R2 with UAG requires a working PKI for its clients, but the
2012 version only requires a working PKI for Win7 clients.

Someday MSFT might not require the Enterprise version of the clients - that 
would be really outstanding, but I'm not holding my breath...

One big limitation of the DirectAccess technology is that it is a pure
IPv6 solution. If you have client software that makes explicit calls to the 
IPv4 stack, and doesn't understand IPv6, you're screwed (Lync
2010 and Shoretel client, I'm looking at you).

IME, the 2008 R2/UAG version is tedious and a bit tricky to set up - haven't 
yet played with the 2012 version.

But, other than that, it's a way cool technology - no extra logins required, 
once the GPOs take effect, you just open your laptop, turn it on, log in as if 
you were in the office, and you're off to the races, subject to the limitations 
of your connection speed.

I'm glad I turned it up.

Kurt

On Wed, Jan 30, 2013 at 10:04 AM, Glen Johnson  wrote:
> I'm 99 percent sure the MS vpn solution in server 2012 doesn't require java.
>
> -Original Message-
> From: Sam Cayze [mailto:sca...@gmail.com]
> Sent: Wednesday, January 30, 2013 12:54 PM
> To: NT System Admin Issues
> Subject: RE: Favorite VPN solution?
>
> Are there 'clientless' VPN solutions that don't use Java?
> I don't know much about the new VPN solutions out there.
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Favorite VPN solution?

[Kurt Buff]

The DirectAccess solution from Microsoft definitely doesn't require Java.

However, at least for Win7, it does require Enterprise or Ultimate - I
believe Win8 must be Enterprise as well.

For the server, it requires either Server 2008 R2 with UAG, or Server 2012.

The 2008 R2 with UAG requires a working PKI for its clients, but the
2012 version only requires a working PKI for Win7 clients.

Someday MSFT might not require the Enterprise version of the clients -
that would be really outstanding, but I'm not holding my breath...

One big limitation of the DirectAccess technology is that it is a pure
IPv6 solution. If you have client software that makes explicit calls
to the IPv4 stack, and doesn't understand IPv6, you're screwed (Lync
2010 and Shoretel client, I'm looking at you).

IME, the 2008 R2/UAG version is tedious and a bit tricky to set up -
haven't yet played with the 2012 version.

But, other than that, it's a way cool technology - no extra logins
required, once the GPOs take effect, you just open your laptop, turn
it on, log in as if you were in the office, and you're off to the
races, subject to the limitations of your connection speed.

I'm glad I turned it up.

Kurt

On Wed, Jan 30, 2013 at 10:04 AM, Glen Johnson  wrote:
> I'm 99 percent sure the MS vpn solution in server 2012 doesn't require java.
>
> -Original Message-
> From: Sam Cayze [mailto:sca...@gmail.com]
> Sent: Wednesday, January 30, 2013 12:54 PM
> To: NT System Admin Issues
> Subject: RE: Favorite VPN solution?
>
> Are there 'clientless' VPN solutions that don't use Java?
> I don't know much about the new VPN solutions out there.
>
>
>
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dumping DHCP to a File

[Guyer, Don]

Thx guys. Yes, I just ran it. Would take longer to manipulate that data than 
the current process that the person working on this currently showed me.

However, Michael, anything you could throw my way would be greatly appreciated, 
as usual!

Regards,

Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.
[cid:image001.jpg@01CDFEEC.EDF31440]

From: Michael B. Smith [mailto:mich...@smithcons.com]
Sent: Wednesday, January 30, 2013 1:09 PM
To: NT System Admin Issues
Subject: RE: Dumping DHCP to a File

Yes... I've got powershell scripts that post-process this file, but that's 
where the data has to come from...

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Wednesday, January 30, 2013 1:03 PM
To: NT System Admin Issues
Subject: RE: Dumping DHCP to a File

Try "netsh dhcp server dump"

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Guyer, Don [mailto:dgu...@che.org]
Sent: Wednesday, January 30, 2013 12:55 PM
To: NT System Admin Issues
Subject: Dumping DHCP to a File

Everyone,

I'm looking for a way to dump the DHCP info to a text/CSV file. 
I know how to export it to a DAT file to move it to another server but, I need 
to create a spreadsheet with the data because we are moving DHCP management to 
non-Windows devices.

Regards,

Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.
[cid:image001.jpg@01CDFEEC.EDF31440]


Confidentiality Notice:
This e-mail, including any attachments is the
property of Catholic Health East and is intended
for the sole use of the intended recipient(s).
It may contain information that is privileged and
confidential.  Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are
not the intended recipient, please delete this message, and
reply to the sender regarding the error in a separate email.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
Confidentiality Notice:
This e-mail, including any attachments is the 
property of Catholic Health East and is intended 
for the sole use of the intended recipient(s).  
It may contain information that is privileged and 
confidential.  Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are 
not the intended recipient, please delete this message, and 
reply to the sender regarding the error in a separate email.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Dumping DHCP to a File

[Michael B. Smith]

Yes... I've got powershell scripts that post-process this file, but that's 
where the data has to come from...

From: Damien Solodow [mailto:damien.solo...@harrison.edu]
Sent: Wednesday, January 30, 2013 1:03 PM
To: NT System Admin Issues
Subject: RE: Dumping DHCP to a File

Try "netsh dhcp server dump"

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Guyer, Don [mailto:dgu...@che.org]
Sent: Wednesday, January 30, 2013 12:55 PM
To: NT System Admin Issues
Subject: Dumping DHCP to a File

Everyone,

I'm looking for a way to dump the DHCP info to a text/CSV file. 
I know how to export it to a DAT file to move it to another server but, I need 
to create a spreadsheet with the data because we are moving DHCP management to 
non-Windows devices.

Regards,

Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.
[Description: Description: Description: InfoService-Logo240]


Confidentiality Notice:
This e-mail, including any attachments is the
property of Catholic Health East and is intended
for the sole use of the intended recipient(s).
It may contain information that is privileged and
confidential.  Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are
not the intended recipient, please delete this message, and
reply to the sender regarding the error in a separate email.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Favorite VPN solution?

[Glen Johnson]

I'm 99 percent sure the MS vpn solution in server 2012 doesn't require java.

-Original Message-
From: Sam Cayze [mailto:sca...@gmail.com] 
Sent: Wednesday, January 30, 2013 12:54 PM
To: NT System Admin Issues
Subject: RE: Favorite VPN solution?

Are there 'clientless' VPN solutions that don't use Java?
I don't know much about the new VPN solutions out there.  




~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Dumping DHCP to a File

[Damien Solodow]

Try "netsh dhcp server dump"

DAMIEN SOLODOW
Systems Engineer
317.447.6033 (office)
317.447.6014 (fax)
HARRISON COLLEGE

From: Guyer, Don [mailto:dgu...@che.org]
Sent: Wednesday, January 30, 2013 12:55 PM
To: NT System Admin Issues
Subject: Dumping DHCP to a File

Everyone,

I'm looking for a way to dump the DHCP info to a text/CSV file. 
I know how to export it to a DAT file to move it to another server but, I need 
to create a spreadsheet with the data because we are moving DHCP management to 
non-Windows devices.

Regards,

Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.
[Description: Description: Description: InfoService-Logo240]


Confidentiality Notice:
This e-mail, including any attachments is the
property of Catholic Health East and is intended
for the sole use of the intended recipient(s).
It may contain information that is privileged and
confidential.  Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are
not the intended recipient, please delete this message, and
reply to the sender regarding the error in a separate email.


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Dumping DHCP to a File

[Guyer, Don]

Everyone,

I'm looking for a way to dump the DHCP info to a text/CSV file. 
I know how to export it to a DAT file to move it to another server but, I need 
to create a spreadsheet with the data because we are moving DHCP management to 
non-Windows devices.

Regards,

Don Guyer
Catholic Health East - Information Technology
Enterprise Directory & Messaging Services
3805 West Chester Pike, Suite 100, Newtown Square, Pa  19073
email: dgu...@che.org
Office:  610.550.3595 | Cell: 610.955.6528 | Fax: 610.271.9440
For immediate assistance, please open a Service Desk ticket or call the 
helpdesk @ 610-492-3839.
[cid:image001.jpg@01CDFEE8.FD33CA70]


Confidentiality Notice:
This e-mail, including any attachments is the
property of Catholic Health East and is intended
for the sole use of the intended recipient(s). 
It may contain information that is privileged and
confidential.  Any unauthorized review, use,
disclosure, or distribution is prohibited. If you are
not the intended recipient, please delete this message, and
reply to the sender regarding the error in a separate email.
 

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

RE: Favorite VPN solution?

[Sam Cayze]

Are there 'clientless' VPN solutions that don't use Java?
I don't know much about the new VPN solutions out there.  




~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Windows Network Awareness and "Public Network"

[David Lum]

Oy. Found It and made the change. A little slow today...

From: kz2...@googlemail.com [mailto:kz2...@googlemail.com]
Sent: Wednesday, January 30, 2013 7:07 AM
To: NT System Admin Issues
Subject: Re: Windows Network Awareness and "Public Network"

Can't you just change it?

I remember having to switch some lab systems to Private to get them to 
talkdon't remember if you can force the Domain profile though
Sent from my Blackberry, which may be an antique but delivers email RELIABLY

From: David Lum mailto:david@nwea.org>>
Date: Wed, 30 Jan 2013 15:02:36 +
To: NT System Admin 
Issuesmailto:ntsysadmin@lyris.sunbelt-software.com>>
ReplyTo: "NT System Admin Issues" 
mailto:ntsysadmin@lyris.sunbelt-software.com>>
Subject: Windows Network Awareness and "Public Network"

Does anyone know what ports need to be open for Windows Network Awareness to 
believe it's on a domain? I have a DMZ server in a DMZ that thinks it's on a 
Public network - we can get it to talk to other systems but can't get any 
ingress traffic to it.
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Been a long day today, but I won...

[Don Kuhlman]

Nice detective work!

Don K

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, January 30, 2013 1:42 AM
To: NT System Admin Issues
Subject: Been a long day today, but I won...

So, it's month end, and our UK office is noticing that emails are not 
processing outbound from their office. All of their emails come through the US 
server, to be delivered wherever, and there are some big emails (4-8mbytes) 
with proposals and orders and such, and they're getting desperate. Lots of 
little emails are stuck in queue too, though if left alone they seem to trickle 
out, while the big messages go to retry status.

It's already been a long day for me, having been woken up at 3am because they 
switched over to a new DSL provider, and couldn't log into the router to set up 
the PPOA configuration. (pay attention - that's a clue...)

While I'm trying to troubleshoot this, the nominal IT manager above me is 
freaking out and deleting messages from the outbound queue on the UK Exchange 
server, restarting services multiple times, rebooting the UK server, and 
generally showing all of the patience and investigative skill of a 4yo.

I leave the office at 18:00 to pick up my son at daycare, and arrive home and 
start ignoring everything else except the problem with Exchange. (I have a very 
good wife, and I deeply appreciate her patience with me!)

I get frustrated, and turn up logging on a bunch of Exchange services, then 
bounce both the UK and US servers remotely, just so I have a clean starting 
point in the logs.

Finally I notice a 4000 message from MSExchangeTransport on the US server 
(along with some 4006 messages from the same source on the UK server), and hit 
paydirt.

EventID.net turns up reference to MTU sizes.

I adjust the firewall in our UK office from 1500 to 1450, and transport of my 
test message with a 12mbyte text attachment flies through.

I test once more with the same attachment, just to be sure.

Success.

I am now going to bed.

Good night.

Kurt

PS - I'll turn down the logging tomorrow, when I have a few minutes to breathe 
at work.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/ 
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/ 
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Where to get copies of my various documentation scripts

[Webster]

Nice

Thanks


Webster

From: Steven Peck [mailto:sep...@gmail.com]
Subject: Re: Where to get copies of my various documentation scripts

http://www.hanselman.com/blog/YouAreNotYourCode.aspx
I don't always agree with Scott but this is timely.
On Tue, Jan 29, 2013 at 7:27 PM, Kurt Buff 
mailto:kurt.b...@gmail.com>> wrote:
I do not use XenApp, nor Citrix, but I do have a word of advice.

Do not deprecate your skills with PowerShell. You have to start
somewhere, and this is a very large project on which to cut your
teeth.

In addition, you are obviously filling a very needed hole in the
ecosystem, and for this you will earn at least one day a year off in
hell, in spite of any of your other sins. :)

Kurt

On Tue, Jan 29, 2013 at 5:02 PM, Webster 
mailto:webs...@carlwebster.com>> wrote:
> You are welcome.
>
>
>
> I am currently working on my XenApp 5 script.  It is 99.9% complete.  Just
> trying to find more people to test it.  Feedback has been great so far.
> Here are some sample reports if you have a XenApp 5 farm.
>
>
>
> https://dl.dropbox.com/u/43555945/XA52003Farm.docx
>
> https://dl.dropbox.com/u/43555945/XA52008Farm.docx
>
>
>
> While I am waiting on testers to get back to me I started and finished
> updating my PVS script to create a Word doc.  I don't have a PVS server to
> test against right now so I sent it off to a friend for testing.
>
>
>
> This same friend is also building me  a complete XenDesktop lab so I can
> create a XD script.  He will have all 3 supported Hypervisors and all
> supported versions of XD5.x.  That will be a "fun" project!
>
>
>
> If I actually knew anything about PowerShell I would be dangerous. J


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Been a long day today, but I won...

[Stu Sjouwerman]

Well done ! 
Stu 

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, January 30, 2013 1:42 AM
To: NT System Admin Issues
Subject: Been a long day today, but I won...

So, it's month end, and our UK office is noticing that emails are not 
processing outbound from their office. All of their emails come through the US 
server, to be delivered wherever, and there are some big emails (4-8mbytes) 
with proposals and orders and such, and they're getting desperate. Lots of 
little emails are stuck in queue too, though if left alone they seem to trickle 
out, while the big messages go to retry status.

It's already been a long day for me, having been woken up at 3am because they 
switched over to a new DSL provider, and couldn't log into the router to set up 
the PPOA configuration. (pay attention - that's a clue...)

While I'm trying to troubleshoot this, the nominal IT manager above me is 
freaking out and deleting messages from the outbound queue on the UK Exchange 
server, restarting services multiple times, rebooting the UK server, and 
generally showing all of the patience and investigative skill of a 4yo.

I leave the office at 18:00 to pick up my son at daycare, and arrive home and 
start ignoring everything else except the problem with Exchange. (I have a very 
good wife, and I deeply appreciate her patience with me!)

I get frustrated, and turn up logging on a bunch of Exchange services, then 
bounce both the UK and US servers remotely, just so I have a clean starting 
point in the logs.

Finally I notice a 4000 message from MSExchangeTransport on the US server 
(along with some 4006 messages from the same source on the UK server), and hit 
paydirt.

EventID.net turns up reference to MTU sizes.

I adjust the firewall in our UK office from 1500 to 1450, and transport of my 
test message with a 12mbyte text attachment flies through.

I test once more with the same attachment, just to be sure.

Success.

I am now going to bed.

Good night.

Kurt

PS - I'll turn down the logging tomorrow, when I have a few minutes to breathe 
at work.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Where to get copies of my various documentation scripts

[Steven Peck]

http://www.hanselman.com/blog/YouAreNotYourCode.aspx
I don't always agree with Scott but this is timely.

On Tue, Jan 29, 2013 at 7:27 PM, Kurt Buff  wrote:

> I do not use XenApp, nor Citrix, but I do have a word of advice.
>
> Do not deprecate your skills with PowerShell. You have to start
> somewhere, and this is a very large project on which to cut your
> teeth.
>
> In addition, you are obviously filling a very needed hole in the
> ecosystem, and for this you will earn at least one day a year off in
> hell, in spite of any of your other sins. :)
>
> Kurt
>
> On Tue, Jan 29, 2013 at 5:02 PM, Webster  wrote:
> > You are welcome.
> >
> >
> >
> > I am currently working on my XenApp 5 script.  It is 99.9% complete.
>  Just
> > trying to find more people to test it.  Feedback has been great so far.
> > Here are some sample reports if you have a XenApp 5 farm.
> >
> >
> >
> > https://dl.dropbox.com/u/43555945/XA52003Farm.docx
> >
> > https://dl.dropbox.com/u/43555945/XA52008Farm.docx
> >
> >
> >
> > While I am waiting on testers to get back to me I started and finished
> > updating my PVS script to create a Word doc.  I don’t have a PVS server
> to
> > test against right now so I sent it off to a friend for testing.
> >
> >
> >
> > This same friend is also building me  a complete XenDesktop lab so I can
> > create a XD script.  He will have all 3 supported Hypervisors and all
> > supported versions of XD5.x.  That will be a “fun” project!
> >
> >
> >
> > If I actually knew anything about PowerShell I would be dangerous. J
> >
> >
> >
> > Thanks
> >
> >
> >
> >
> >
> > Webster
> >
> >
> >
> > From: Mark Boeck [mailto:netadmin...@gmail.com]
> > Subject: Re: Where to get copies of my various documentation scripts
> >
> >
> >
> > thank you for sharing your hard work with us!
> >
> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> > ~   ~
> >
> > ---
> > To manage subscriptions click here:
> > http://lyris.sunbelt-software.com/read/my_forums/
> > or send an email to listmana...@lyris.sunbeltsoftware.com
> > with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
>

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Been a long day today, but I won...

[Randal, Phil]

You'd need to ensure that incoming  ICMP can't fragment (type 3, code 4) 
messages get through.

Cheers,

Phil

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: 30 January 2013 15:26
To: NT System Admin Issues
Subject: Re: Been a long day today, but I won...

No icmp is blocked - hell, nothing is blocked outbound, which I'm unhappy with, 
but have to follow policy.

Don't know why it wasn't detected.

Kurt

On Wed, Jan 30, 2013 at 3:30 AM, Randal, Phil  
wrote:
> Someone's blocking ICMP Fragmentation Needed messages on your firewall(s), 
> then?
>
> A common firewall admin beginner's mistake :-)
>
> http://packetlife.net/blog/2008/aug/18/path-mtu-discovery/
>
> Cheers,
>
> Phil
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: 30 January 2013 06:42
> To: NT System Admin Issues
> Subject: Been a long day today, but I won...
>
> So, it's month end, and our UK office is noticing that emails are not 
> processing outbound from their office. All of their emails come through the 
> US server, to be delivered wherever, and there are some big emails 
> (4-8mbytes) with proposals and orders and such, and they're getting 
> desperate. Lots of little emails are stuck in queue too, though if left alone 
> they seem to trickle out, while the big messages go to retry status.
>
> It's already been a long day for me, having been woken up at 3am 
> because they switched over to a new DSL provider, and couldn't log 
> into the router to set up the PPOA configuration. (pay attention - 
> that's a clue...)
>
> While I'm trying to troubleshoot this, the nominal IT manager above me is 
> freaking out and deleting messages from the outbound queue on the UK Exchange 
> server, restarting services multiple times, rebooting the UK server, and 
> generally showing all of the patience and investigative skill of a 4yo.
>
> I leave the office at 18:00 to pick up my son at daycare, and arrive 
> home and start ignoring everything else except the problem with 
> Exchange. (I have a very good wife, and I deeply appreciate her 
> patience with me!)
>
> I get frustrated, and turn up logging on a bunch of Exchange services, then 
> bounce both the UK and US servers remotely, just so I have a clean starting 
> point in the logs.
>
> Finally I notice a 4000 message from MSExchangeTransport on the US server 
> (along with some 4006 messages from the same source on the UK server), and 
> hit paydirt.
>
> EventID.net turns up reference to MTU sizes.
>
> I adjust the firewall in our UK office from 1500 to 1450, and transport of my 
> test message with a 12mbyte text attachment flies through.
>
> I test once more with the same attachment, just to be sure.
>
> Success.
>
> I am now going to bed.
>
> Good night.
>
> Kurt
>
> PS - I'll turn down the logging tomorrow, when I have a few minutes to 
> breathe at work.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> “Any opinion expressed in this e-mail or any attached files are those of the 
> individual and not necessarily those of Hoople Ltd. You should be aware that 
> Hoople Ltd. monitors its email service. This e-mail and any attached files 
> are confidential and intended solely for the use of the addressee. This 
> communication may contain material protected by law from being passed on. If 
> you are not the intended recipient and have received this e-mail in error, 
> you are advised that any use, dissemination, forwarding, printing or copying 
> of this e-mail is strictly prohibited. If you have received this e-mail in 
> error please contact the sender immediately and destroy all copies of it.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Been a long day today, but I won...

[Ben Scott]

On Wed, Jan 30, 2013 at 10:26 AM, Kurt Buff  wrote:
>> Someone's blocking ICMP Fragmentation Needed messages on your firewall(s), 
>> then?
>
> No icmp is blocked - hell, nothing is blocked outbound, which I'm
> unhappy with, but have to follow policy.

  It's blocked somewhere.  Maybe you're not aware of it, maybe it's
not even your doing, but something's blocking that ICMP message or the
path MTU would have been discovered.

  Note that this "blocking" could be that someone's configured a
router not to originate it in the first place.

-- Ben

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Been a long day today, but I won...

[Ziots, Edward]

Ouch on the nothing is blocked outbounds, especially in these days of malware 
where it hits the endpoint and start attacking other systems out on the 
internet at reckless abandon. I have looked at enough malware samples in the 
last 2 months to prove without a doubt egress filtering is needed and works. 

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.




-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com] 
Sent: Wednesday, January 30, 2013 10:26 AM
To: NT System Admin Issues
Subject: Re: Been a long day today, but I won...

No icmp is blocked - hell, nothing is blocked outbound, which I'm unhappy with, 
but have to follow policy.

Don't know why it wasn't detected.

Kurt

On Wed, Jan 30, 2013 at 3:30 AM, Randal, Phil  
wrote:
> Someone's blocking ICMP Fragmentation Needed messages on your firewall(s), 
> then?
>
> A common firewall admin beginner's mistake :-)
>
> http://packetlife.net/blog/2008/aug/18/path-mtu-discovery/
>
> Cheers,
>
> Phil
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: 30 January 2013 06:42
> To: NT System Admin Issues
> Subject: Been a long day today, but I won...
>
> So, it's month end, and our UK office is noticing that emails are not 
> processing outbound from their office. All of their emails come through the 
> US server, to be delivered wherever, and there are some big emails 
> (4-8mbytes) with proposals and orders and such, and they're getting 
> desperate. Lots of little emails are stuck in queue too, though if left alone 
> they seem to trickle out, while the big messages go to retry status.
>
> It's already been a long day for me, having been woken up at 3am 
> because they switched over to a new DSL provider, and couldn't log 
> into the router to set up the PPOA configuration. (pay attention - 
> that's a clue...)
>
> While I'm trying to troubleshoot this, the nominal IT manager above me is 
> freaking out and deleting messages from the outbound queue on the UK Exchange 
> server, restarting services multiple times, rebooting the UK server, and 
> generally showing all of the patience and investigative skill of a 4yo.
>
> I leave the office at 18:00 to pick up my son at daycare, and arrive 
> home and start ignoring everything else except the problem with 
> Exchange. (I have a very good wife, and I deeply appreciate her 
> patience with me!)
>
> I get frustrated, and turn up logging on a bunch of Exchange services, then 
> bounce both the UK and US servers remotely, just so I have a clean starting 
> point in the logs.
>
> Finally I notice a 4000 message from MSExchangeTransport on the US server 
> (along with some 4006 messages from the same source on the UK server), and 
> hit paydirt.
>
> EventID.net turns up reference to MTU sizes.
>
> I adjust the firewall in our UK office from 1500 to 1450, and transport of my 
> test message with a 12mbyte text attachment flies through.
>
> I test once more with the same attachment, just to be sure.
>
> Success.
>
> I am now going to bed.
>
> Good night.
>
> Kurt
>
> PS - I'll turn down the logging tomorrow, when I have a few minutes to 
> breathe at work.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> “Any opinion expressed in this e-mail or any attached files are those of the 
> individual and not necessarily those of Hoople Ltd. You should be aware that 
> Hoople Ltd. monitors its email service. This e-mail and any attached files 
> are confidential and intended solely for the use of the addressee. This 
> communication may contain material protected by law from being passed on. If 
> you are not the intended recipient and have received this e-mail in error, 
> you are advised that any use, dissemination, forwarding, printing or copying 
> of this e-mail is strictly prohibited. If you have received this e-mail in 
> error please contact the sender immediately and destroy all copies of it.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To man

RE: Been a long day today, but I won...

[Ziots, Edward]

Or over zealous and disabled a lot of the ICMP type messages you can always use 
hping to craft packets that will test what responses are utilized when sending 
packets asking for fragmentation and just use tcpdump to look at the return 
packets. 

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.




-Original Message-
From: Randal, Phil [mailto:phil.ran...@hoopleltd.co.uk] 
Sent: Wednesday, January 30, 2013 6:31 AM
To: NT System Admin Issues
Subject: RE: Been a long day today, but I won...

Someone's blocking ICMP Fragmentation Needed messages on your firewall(s), then?

A common firewall admin beginner's mistake :-)

http://packetlife.net/blog/2008/aug/18/path-mtu-discovery/

Cheers,

Phil

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: 30 January 2013 06:42
To: NT System Admin Issues
Subject: Been a long day today, but I won...

So, it's month end, and our UK office is noticing that emails are not 
processing outbound from their office. All of their emails come through the US 
server, to be delivered wherever, and there are some big emails (4-8mbytes) 
with proposals and orders and such, and they're getting desperate. Lots of 
little emails are stuck in queue too, though if left alone they seem to trickle 
out, while the big messages go to retry status.

It's already been a long day for me, having been woken up at 3am because they 
switched over to a new DSL provider, and couldn't log into the router to set up 
the PPOA configuration. (pay attention - that's a clue...)

While I'm trying to troubleshoot this, the nominal IT manager above me is 
freaking out and deleting messages from the outbound queue on the UK Exchange 
server, restarting services multiple times, rebooting the UK server, and 
generally showing all of the patience and investigative skill of a 4yo.

I leave the office at 18:00 to pick up my son at daycare, and arrive home and 
start ignoring everything else except the problem with Exchange. (I have a very 
good wife, and I deeply appreciate her patience with me!)

I get frustrated, and turn up logging on a bunch of Exchange services, then 
bounce both the UK and US servers remotely, just so I have a clean starting 
point in the logs.

Finally I notice a 4000 message from MSExchangeTransport on the US server 
(along with some 4006 messages from the same source on the UK server), and hit 
paydirt.

EventID.net turns up reference to MTU sizes.

I adjust the firewall in our UK office from 1500 to 1450, and transport of my 
test message with a 12mbyte text attachment flies through.

I test once more with the same attachment, just to be sure.

Success.

I am now going to bed.

Good night.

Kurt

PS - I'll turn down the logging tomorrow, when I have a few minutes to breathe 
at work.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
“Any opinion expressed in this e-mail or any attached files are those of the 
individual and not necessarily those of Hoople Ltd. You should be aware that 
Hoople Ltd. monitors its email service. This e-mail and any attached files are 
confidential and intended solely for the use of the addressee. This 
communication may contain material protected by law from being passed on. If 
you are not the intended recipient and have received this e-mail in error, you 
are advised that any use, dissemination, forwarding, printing or copying of 
this e-mail is strictly prohibited. If you have received this e-mail in error 
please contact the sender immediately and destroy all copies of it.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an

RE: Shocking? Somehow, not...

[Ziots, Edward]

Just tried to run it on my systems and sure enough since I have totally 
disabled java it barfs. That and Zero Vulnerability Exploitshield catches its 
.dll being invoked into java as an exploit and stops it.

Z

Edward E. Ziots, CISSP, Security +, Network +
Security Engineer
Lifespan Organization
ezi...@lifespan.org

This electronic message and any attachments may be privileged and confidential 
and protected from disclosure. If you are reading this message, but are not the 
intended recipient, nor an employee or agent responsible for delivering this 
message to the intended recipient, you are hereby notified that you are 
strictly prohibited from copying, printing, forwarding or otherwise 
disseminating this communication. If you have received this communication in 
error, please immediately notify the sender by replying to the message. Then, 
delete the message from your computer. Thank you.
[Description: Description: Lifespan]


From: David Lum [mailto:david@nwea.org]
Sent: Wednesday, January 30, 2013 9:27 AM
To: NT System Admin Issues
Subject: RE: Shocking? Somehow, not...

Rapid7 has a tool to scan for this vulnerability, it does require Java(!) and 
registration, but is otherwise free.

From: Patrick Salmon [mailto:psal...@gmail.com]
Sent: Tuesday, January 29, 2013 1:01 PM
To: NT System Admin Issues
Subject: Re: Shocking? Somehow, not...

Not surprisingly, you're going to see a lot of alerts coming out on this 
subject. Here's the Cisco one: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
 which you can expect to be updated as more is learned about which products are 
affected.
On Tue, Jan 29, 2013 at 9:44 AM, David Lum 
mailto:david@nwea.org>> wrote:
http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 
503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin<>

Re: Been a long day today, but I won...

[Kurt Buff]

No icmp is blocked - hell, nothing is blocked outbound, which I'm
unhappy with, but have to follow policy.

Don't know why it wasn't detected.

Kurt

On Wed, Jan 30, 2013 at 3:30 AM, Randal, Phil
 wrote:
> Someone's blocking ICMP Fragmentation Needed messages on your firewall(s), 
> then?
>
> A common firewall admin beginner's mistake :-)
>
> http://packetlife.net/blog/2008/aug/18/path-mtu-discovery/
>
> Cheers,
>
> Phil
>
> -Original Message-
> From: Kurt Buff [mailto:kurt.b...@gmail.com]
> Sent: 30 January 2013 06:42
> To: NT System Admin Issues
> Subject: Been a long day today, but I won...
>
> So, it's month end, and our UK office is noticing that emails are not 
> processing outbound from their office. All of their emails come through the 
> US server, to be delivered wherever, and there are some big emails 
> (4-8mbytes) with proposals and orders and such, and they're getting 
> desperate. Lots of little emails are stuck in queue too, though if left alone 
> they seem to trickle out, while the big messages go to retry status.
>
> It's already been a long day for me, having been woken up at 3am because they 
> switched over to a new DSL provider, and couldn't log into the router to set 
> up the PPOA configuration. (pay attention - that's a clue...)
>
> While I'm trying to troubleshoot this, the nominal IT manager above me is 
> freaking out and deleting messages from the outbound queue on the UK Exchange 
> server, restarting services multiple times, rebooting the UK server, and 
> generally showing all of the patience and investigative skill of a 4yo.
>
> I leave the office at 18:00 to pick up my son at daycare, and arrive home and 
> start ignoring everything else except the problem with Exchange. (I have a 
> very good wife, and I deeply appreciate her patience with me!)
>
> I get frustrated, and turn up logging on a bunch of Exchange services, then 
> bounce both the UK and US servers remotely, just so I have a clean starting 
> point in the logs.
>
> Finally I notice a 4000 message from MSExchangeTransport on the US server 
> (along with some 4006 messages from the same source on the UK server), and 
> hit paydirt.
>
> EventID.net turns up reference to MTU sizes.
>
> I adjust the firewall in our UK office from 1500 to 1450, and transport of my 
> test message with a 12mbyte text attachment flies through.
>
> I test once more with the same attachment, just to be sure.
>
> Success.
>
> I am now going to bed.
>
> Good night.
>
> Kurt
>
> PS - I'll turn down the logging tomorrow, when I have a few minutes to 
> breathe at work.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
>   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
> “Any opinion expressed in this e-mail or any attached files are those of the 
> individual and not necessarily those of Hoople Ltd. You should be aware that 
> Hoople Ltd. monitors its email service. This e-mail and any attached files 
> are confidential and intended solely for the use of the addressee. This 
> communication may contain material protected by law from being passed on. If 
> you are not the intended recipient and have received this e-mail in error, 
> you are advised that any use, dissemination, forwarding, printing or copying 
> of this e-mail is strictly prohibited. If you have received this e-mail in 
> error please contact the sender immediately and destroy all copies of it.
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here: 
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Windows Network Awareness and "Public Network"

[kz20fl]

Can't you just change it?

I remember having to switch some lab systems to Private to get them to 
talkdon't remember if you can force the Domain profile though

Sent from my Blackberry, which may be an antique but delivers email RELIABLY

-Original Message-
From: David Lum 
Date: Wed, 30 Jan 2013 15:02:36 
To: NT System Admin Issues
Reply-To: "NT System Admin Issues" 
Subject: Windows Network Awareness and 
"Public Network"

Does anyone know what ports need to be open for Windows Network Awareness to 
believe it's on a domain? I have a DMZ server in a DMZ that thinks it's on a 
Public network - we can get it to talk to other systems but can't get any 
ingress traffic to it.
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Shocking? Somehow, not...

[David Lum]

Rapid7 has a tool to scan for this vulnerability, it does require Java(!) and 
registration, but is otherwise free.

From: Patrick Salmon [mailto:psal...@gmail.com]
Sent: Tuesday, January 29, 2013 1:01 PM
To: NT System Admin Issues
Subject: Re: Shocking? Somehow, not...

Not surprisingly, you're going to see a lot of alerts coming out on this 
subject. Here's the Cisco one: 
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130129-upnp
 which you can expect to be updated as more is learned about which products are 
affected.
On Tue, Jan 29, 2013 at 9:44 AM, David Lum 
mailto:david@nwea.org>> wrote:
http://news.cnet.com/8301-1009_3-57566366-83/upnp-networking-flaw-puts-millions-of-pcs-at-risk/
David Lum
Sr. Systems Engineer // NWEATM
Office 503.548.5229 // Cell (voice/text) 
503.267.9764


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

Re: Speaking of Barracuda...

[Richard Stovall]

Thanks for checking.  Out of curiosity, do you have Intent Analysis
enabled?  How about Multi-Level Intent Analysis?


On Wed, Jan 30, 2013 at 8:48 AM, N Parr  wrote:

> **
> I mean SPAM filter, to early to be responding to emails.
>
>  --
> *From:* N Parr
> *Sent:* Wednesday, January 30, 2013 7:45 AM
>
> *To:* NT System Admin Issues
> *Subject:* RE: Speaking of Barracuda...
>
>  I had no port 80 hits originating from my web filter.
>
>  --
> *From:* Richard Stovall [mailto:rich...@gmail.com]
> *Sent:* Tuesday, January 29, 2013 4:33 PM
> *To:* NT System Admin Issues
> *Subject:* Re: Speaking of Barracuda...
>
>  Thanks for having a look at it.
>
>  The activity is pretty frequent, actually.  The latest capture has about
> 30 gets to non-Barracuda sites in a few hours, all of which are embedded in
> inbound spam messages.
>
>  My suspicion is that it is something along the lines you describe, but I
> can't find anything in the config documents that explicitly states it will
> pull down content.  The fact the technician hadn't heard of this is a
> little strange, too.
>
>  The closest thing I can find is in the description of "Multi-Level
> Intent Analysis" which is:
>
>  *Multi-Level Intent Analysis - Set to Yes to inspect the results of Web
> queries to URIs of well-known free Web sites for redirections to known
> spammer sites*.
>
>  However, does www.nicejordans23.com sound like a "well-known" free
> website?  Or amazing.chloalt.us?
>
>  Maybe I'll get some more info when this e-mail comes in and hits the
> filter.  Perhaps those URLs will trigger the activity.
>
> Richard
>
>
>
> On Tue, Jan 29, 2013 at 5:14 PM, N Parr  wrote:
>
>> **
>> How often are you seeing it?  What model do you have?  I've had my ASA
>> logging for a few min now but nothing on port 80 yet.  I'll let it run
>> overnight and search the logs.  It could be part of the the spam checking
>> to see if URL's imbedded in emails are legit to aid in scoring?  Don't know
>> if they do that sort of thing, just grasping at straws.
>>
>>  --
>> *From:* Richard Stovall [mailto:rich...@gmail.com]
>> *Sent:* Tuesday, January 29, 2013 3:25 PM
>> *To:* NT System Admin Issues
>> *Subject:* OT: Speaking of Barracuda...
>>
>>  Would any of you who have Barracuda spam filters mind checking
>> something for me?
>>
>>  The other day I noticed outbound traffic from my spam appliance to port
>> 80 at destinations not owned by Barracuda Networks.  I started a packet cap
>> on my firewall and got some very interesting results.  In addition to
>> traffic for legitimate updates and whatnot, the appliance is actually going
>> out to and downloading content from the URLs embedded in some (but nowhere
>> near all) inbound spam messages.  I haven't yet figured out any pattern to
>> why it happens on some e-mails and not others.
>>
>>  I created a case with Barracuda this morning just to confirm that it is
>> expected behavior and get an explanation of the logic behind it, but the
>> tech I spoke to had never heard of this.  I sent him the packet cap and he
>> said he would kick it upstairs and get back to me, but I haven't heard
>> anything yet.
>>
>>  Anyone want to capture traffic from your Barracuda spam firewall on
>> outbound port 80 and see if you see anything similar?
>>
>>  Thanks,
>> RS
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>> ~   ~
>>
>> ---
>> To manage subscriptions click here:
>> http://lyris.sunbelt-software.com/read/my_forums/
>> or send an email to listmana...@lyris.sunbeltsoftware.com
>> with the body: unsubscribe ntsysadmin
>>
>
>  ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an email to listmana...@lyris.sunbeltsoftware.com
> with the body: unsubscribe ntsysadmin
>
> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
> ~   ~
>
> ---
> To manage subscriptions click here:
> http://lyris.sunbelt-software.com/read/my_forums/
> or send an ema

RE: Speaking of Barracuda...

[N Parr]

I mean SPAM filter, to early to be responding to emails.


From: N Parr
Sent: Wednesday, January 30, 2013 7:45 AM
To: NT System Admin Issues
Subject: RE: Speaking of Barracuda...

I had no port 80 hits originating from my web filter.


From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Tuesday, January 29, 2013 4:33 PM
To: NT System Admin Issues
Subject: Re: Speaking of Barracuda...

Thanks for having a look at it.

The activity is pretty frequent, actually.  The latest capture has about 30 
gets to non-Barracuda sites in a few hours, all of which are embedded in 
inbound spam messages.

My suspicion is that it is something along the lines you describe, but I can't 
find anything in the config documents that explicitly states it will pull down 
content.  The fact the technician hadn't heard of this is a little strange, too.

The closest thing I can find is in the description of "Multi-Level Intent 
Analysis" which is:

Multi-Level Intent Analysis - Set to Yes to inspect the results of Web queries 
to URIs of well-known free Web sites for redirections to known spammer sites.

However, does www.nicejordans23.com sound like a 
"well-known" free website?  Or amazing.chloalt.us?

Maybe I'll get some more info when this e-mail comes in and hits the filter.  
Perhaps those URLs will trigger the activity.

Richard



On Tue, Jan 29, 2013 at 5:14 PM, N Parr 
mailto:npar...@mortonind.com>> wrote:
How often are you seeing it?  What model do you have?  I've had my ASA logging 
for a few min now but nothing on port 80 yet.  I'll let it run overnight and 
search the logs.  It could be part of the the spam checking to see if URL's 
imbedded in emails are legit to aid in scoring?  Don't know if they do that 
sort of thing, just grasping at straws.


From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Tuesday, January 29, 2013 3:25 PM
To: NT System Admin Issues
Subject: OT: Speaking of Barracuda...

Would any of you who have Barracuda spam filters mind checking something for me?

The other day I noticed outbound traffic from my spam appliance to port 80 at 
destinations not owned by Barracuda Networks.  I started a packet cap on my 
firewall and got some very interesting results.  In addition to traffic for 
legitimate updates and whatnot, the appliance is actually going out to and 
downloading content from the URLs embedded in some (but nowhere near all) 
inbound spam messages.  I haven't yet figured out any pattern to why it happens 
on some e-mails and not others.

I created a case with Barracuda this morning just to confirm that it is 
expected behavior and get an explanation of the logic behind it, but the tech I 
spoke to had never heard of this.  I sent him the packet cap and he said he 
would kick it upstairs and get back to me, but I haven't heard anything yet.

Anyone want to capture traffic from your Barracuda spam firewall on outbound 
port 80 and see if you see anything similar?

Thanks,
RS

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Speaking of Barracuda...

[N Parr]

I had no port 80 hits originating from my web filter.


From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Tuesday, January 29, 2013 4:33 PM
To: NT System Admin Issues
Subject: Re: Speaking of Barracuda...

Thanks for having a look at it.

The activity is pretty frequent, actually.  The latest capture has about 30 
gets to non-Barracuda sites in a few hours, all of which are embedded in 
inbound spam messages.

My suspicion is that it is something along the lines you describe, but I can't 
find anything in the config documents that explicitly states it will pull down 
content.  The fact the technician hadn't heard of this is a little strange, too.

The closest thing I can find is in the description of "Multi-Level Intent 
Analysis" which is:

Multi-Level Intent Analysis - Set to Yes to inspect the results of Web queries 
to URIs of well-known free Web sites for redirections to known spammer sites.

However, does www.nicejordans23.com sound like a 
"well-known" free website?  Or amazing.chloalt.us?

Maybe I'll get some more info when this e-mail comes in and hits the filter.  
Perhaps those URLs will trigger the activity.

Richard



On Tue, Jan 29, 2013 at 5:14 PM, N Parr 
mailto:npar...@mortonind.com>> wrote:
How often are you seeing it?  What model do you have?  I've had my ASA logging 
for a few min now but nothing on port 80 yet.  I'll let it run overnight and 
search the logs.  It could be part of the the spam checking to see if URL's 
imbedded in emails are legit to aid in scoring?  Don't know if they do that 
sort of thing, just grasping at straws.


From: Richard Stovall [mailto:rich...@gmail.com]
Sent: Tuesday, January 29, 2013 3:25 PM
To: NT System Admin Issues
Subject: OT: Speaking of Barracuda...

Would any of you who have Barracuda spam filters mind checking something for me?

The other day I noticed outbound traffic from my spam appliance to port 80 at 
destinations not owned by Barracuda Networks.  I started a packet cap on my 
firewall and got some very interesting results.  In addition to traffic for 
legitimate updates and whatnot, the appliance is actually going out to and 
downloading content from the URLs embedded in some (but nowhere near all) 
inbound spam messages.  I haven't yet figured out any pattern to why it happens 
on some e-mails and not others.

I created a case with Barracuda this morning just to confirm that it is 
expected behavior and get an explanation of the logic behind it, but the tech I 
spoke to had never heard of this.  I sent him the packet cap and he said he 
would kick it upstairs and get back to me, but I haven't heard anything yet.

Anyone want to capture traffic from your Barracuda spam firewall on outbound 
port 80 and see if you see anything similar?

Thanks,
RS

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin


~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to 
listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin

RE: Been a long day today, but I won...

[Randal, Phil]

Someone's blocking ICMP Fragmentation Needed messages on your firewall(s), then?

A common firewall admin beginner's mistake :-)

http://packetlife.net/blog/2008/aug/18/path-mtu-discovery/

Cheers,

Phil

-Original Message-
From: Kurt Buff [mailto:kurt.b...@gmail.com]
Sent: 30 January 2013 06:42
To: NT System Admin Issues
Subject: Been a long day today, but I won...

So, it's month end, and our UK office is noticing that emails are not 
processing outbound from their office. All of their emails come through the US 
server, to be delivered wherever, and there are some big emails (4-8mbytes) 
with proposals and orders and such, and they're getting desperate. Lots of 
little emails are stuck in queue too, though if left alone they seem to trickle 
out, while the big messages go to retry status.

It's already been a long day for me, having been woken up at 3am because they 
switched over to a new DSL provider, and couldn't log into the router to set up 
the PPOA configuration. (pay attention - that's a clue...)

While I'm trying to troubleshoot this, the nominal IT manager above me is 
freaking out and deleting messages from the outbound queue on the UK Exchange 
server, restarting services multiple times, rebooting the UK server, and 
generally showing all of the patience and investigative skill of a 4yo.

I leave the office at 18:00 to pick up my son at daycare, and arrive home and 
start ignoring everything else except the problem with Exchange. (I have a very 
good wife, and I deeply appreciate her patience with me!)

I get frustrated, and turn up logging on a bunch of Exchange services, then 
bounce both the UK and US servers remotely, just so I have a clean starting 
point in the logs.

Finally I notice a 4000 message from MSExchangeTransport on the US server 
(along with some 4006 messages from the same source on the UK server), and hit 
paydirt.

EventID.net turns up reference to MTU sizes.

I adjust the firewall in our UK office from 1500 to 1450, and transport of my 
test message with a 12mbyte text attachment flies through.

I test once more with the same attachment, just to be sure.

Success.

I am now going to bed.

Good night.

Kurt

PS - I'll turn down the logging tomorrow, when I have a few minutes to breathe 
at work.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ 
  ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin
“Any opinion expressed in this e-mail or any attached files are those of the 
individual and not necessarily those of Hoople Ltd. You should be aware that 
Hoople Ltd. monitors its email service. This e-mail and any attached files are 
confidential and intended solely for the use of the addressee. This 
communication may contain material protected by law from being passed on. If 
you are not the intended recipient and have received this e-mail in error, you 
are advised that any use, dissemination, forwarding, printing or copying of 
this e-mail is strictly prohibited. If you have received this e-mail in error 
please contact the sender immediately and destroy all copies of it.

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~   ~

---
To manage subscriptions click here: 
http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin